# This is a POSIX shell fragment                -*- sh -*-

# To configure the secure channel, fill in the following properly and
# uncomment them.  Afterward, the secure channel will come up
# automatically at boot time.  It can be started immediately with
#       /etc/init.d/openflow-switch start
# Alternatively, use the ofp-switch-setup program (from the
# openflow-switch-config package) to do everything automatically.

# NETDEVS: Which network devices should the OpenFlow switch include?
#
# List the network devices that should become part of the OpenFlow
# switch, separated by spaces.  At least two devices must be selected
# for this machine to be a useful switch.  Unselecting all network
# devices will disable the OpenFlow switch entirely.
# 
# The network devices that you select should not be configured with IP
# or IPv6 addresses, even if the switch contacts the controller over
# one of the selected network devices.  This is because a running
# OpenFlow switch takes over network devices at a low level: they
# become part of the switch and cannot be used for other purposes.
#NETDEVS=""

# MODE: The OpenFlow switch has three modes that determine how it
# reaches the controller:
#
# * in-band with discovery: A single network is used for OpenFlow
#   traffic and other data traffic; that is, the switch contacts the
#   controller over one of the network devices selected as OpenFlow
#   switch ports.  The switch automatically determines the location of
#   the controller using a DHCP request with an OpenFlow-specific
#   vendor option.  This is the most common case.
# 
# * in-band: As above, but the location of the controller is manually
#   configured.
# 
# * out-of-band: OpenFlow traffic uses a network separate from the
#   data traffic that it controls.  If this is the case, the control
#   network must already be configured on a network device other than
#   one of those selected as an OpenFlow switch port in the previous
#   question.
#
# Set MODE to 'discovery', 'in-band', or 'out-of-band' for these
# respective cases.
MODE=discovery

# SWITCH_IP: In 'in-band' mode, the switch's IP address may be
# configured statically or dynamically:
# 
# * For static configuration, specify the switch's IP address as a
#   string.  In this case you may also set SWITCH_NETMASK and
#   SWITCH_GATEWAY appropriately.
# 
# * For dynamic configuration with DHCP (the most common case),
#   specify "dhcp".  Configuration with DHCP will only work reliably
#   if the network topology allows the switch to contact the DHCP
#   server before it connects to the OpenFlow controller.
#
# This setting has no effect unless MODE is set to 'in-band'.
SWITCH_IP=dhcp
#SWITCH_NETMASK=255.255.255.0
#SWITCH_GATEWAY=192.168.1.1

# CONTROLLER: Location of controller.
# One of the following formats:
#  tcp:HOST[:PORT]         via TCP to PORT (default: 6633) on HOST
#  ssl:HOST[:PORT]         via SSL to PORT (default: 6633) on HOST
# The default below assumes that the controller is running locally.
# This setting has no effect when MODE is set to 'discovery'.
#CONTROLLER="tcp:127.0.0.1"

# PRIVKEY: Name of file containing switch's private key.
# Required if SSL enabled.
#PRIVKEY=/etc/openflow-switch/of0-privkey.pem

# CERT: Name of file containing certificate for private key.
# Required if SSL enabled.
#CERT=/etc/openflow-switch/of0-cert.pem

# CACERT: Name of file containing controller CA certificate.
# Required if SSL enabled.
#CACERT=/etc/openflow-switch/cacert.pem

# CACERT_MODE: Two modes are available:
#
# * secure: The controller CA certificate named in CACERT above must exist.
#   (You must copy it manually from the PKI server or another trusted source.)
#
# * bootstrap: If the controller CA certificate named in CACERT above does
#   not exist, the switch will obtain it from the controller the first time
#   it connects and save a copy to the file named in CACERT.  This is insecure,
#   in the same way that initial connections with ssh are insecure, but
#   it is convenient.
# 
# Set CACERT_MODE to 'secure' or 'bootstrap' for these respective cases.
#CACERT_MODE=secure

# MGMT_VCONNS: List of vconns (space-separated) on which secchan
# should listen for management connections from dpctl, etc.
# openflow-switchui by default connects to
# unix:/var/run/secchan.mgmt, so do not disable this if you want to
# use openflow-switchui.
MGMT_VCONNS="punix:/var/run/secchan.mgmt"

# MONITOR_VCONN:  Name of vconn on which secchan should listen for 
# monitoring connections from dpctl.
MONITOR_VCONN="punix:/var/run/secchan.monitor"

# COMMANDS: Access control list for the commands that can be executed
# remotely over the OpenFlow protocol, as a comma-separated list of
# shell glob patterns.  Negative patterns (beginning with !) act as a
# blacklist.  To be executable, a command name must match one positive
# pattern and not match any negative patterns.
#COMMANDS="reboot,update"

# DAEMON_OPTS: Additional options to pass to secchan, e.g. "--fail=open"
DAEMON_OPTS=""

# CORE_LIMIT: Maximum size for core dumps.
#
# Leaving this unset will use the system default.  Setting it to 0
# will disable core dumps.  Setting it to "unlimited" will dump all
# core files regardless of size.
#CORE_LIMIT=unlimited

# DATAPATH_ID: Identifier for this switch.
#
# By default, the switch generates a new, random datapath ID every time
# it starts up.  By setting this value, the datapath ID will be consistent
# from one run to the next.
#
# Set DATAPATH_ID to a MAC address in the form XX:XX:XX:XX:XX:XX where each
# X is a hexadecimal digit (0-9 or a-f).
#DATAPATH_ID=XX:XX:XX:XX:XX:XX 
